[icebraining]

Guess we can check the code and see for ourselves, of course.

Alas, you can't really know if the code on Github is actually the same running on their servers.

[knadh]

Author here. I concur, just like any other open source software running as a hosted service. It has to be trust based.

[akerl_]

http://www.daemonology.net/blog/2012-01-19-playing-chicken-w...

It doesn't need to be trust-based, and in fact shouldn't be trust-based, because even if I trust you, I also have to trust the people who could coerce or bypass you, or people who could maliciously access/modify your systems.

This is why end-to-end encryption is really the only way to make promises as a server about not reading / storing logs.